• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
karener

I'm halfway there - HJT log

6 posts in this topic

Hi,

 

I got hijacked. At first I couldn't do anything on my computer. The malware closed my browser whenever I visited a computer related site or tried to download any programs to help. I couldn't run hijackthis or cwshredder or any other programs to remove. My computer wouldn't even acknowledge that the programs were on my system I have got past that but I want to make sure I am completely rid of this garbage.

 

I had cws.googlems & cws.aboutblank. I also had hxdefdrv.sys including a # of registry entries. I seem to have managed to finally delete them without them reinstalling immediately.

 

Can you please take a look at my hjt log and let me know if there is anything else I should remove?

 

Logfile of HijackThis v1.98.0

Scan saved at 5:30:39 PM, on 7/18/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe

C:\WINDOWS\System32\svchost.exe

A:\Jacked.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online-sweepstakes.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080

O1 - Hosts: 213.159.118.228 collections.inhost.info

O1 - Hosts: 213.159.118.228 collections.inhost2.info

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe

O4 - Startup: Shortcut to Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Customize &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew

O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: DigiChat Applet - http://albany.digi-net.com/DigiChat/DigiCl...s/Client_IE.cab

O16 - DPF: {4A752EEF-26FA-4E8F-8FF0-4EB40FE1D33B} (ACNPlayer2 Class) - http://209.67.146.68/HarrisFiles/ePlayer.cab

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab

O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab

 

 

Thanks for any help you can provide.

Share this post


Link to post
Share on other sites

Hi, Karener,

 

Enable the "Show Hidden Folders" option, like this:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders.

Uncheck the Hide Protected Operating System Files (recommended) option.

Click Yes to confirm.

Click OK.

 

Please move your HJT to a permanent folder.

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".

Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

 

Check to fix these items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O1 - Hosts: 213.159.118.228 collections.inhost.info

O1 - Hosts: 213.159.118.228 collections.inhost2.info

O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe

 

These are optional to check because they are resource hogs at Startup and can always be opened as needed.

Your choice:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

** Note: Real Player and Office will have to be ended in Task Manager before they can be fixed.

 

Reboot into Safemode this way:

Turn on the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Look for this file and delete it:

C:\WINDOWS\System32\wnsintsv.exe

 

Reboot.

 

Scan with these:

Ad-aware *

Download Ad-aware from here: http://www.computercops.biz/downloads-file-292.html

Install by double-clicking on the downloaded file.

After installing but before running, update Ad-aware by using its Globe icon.

After updating, shutdown and restart Ad-aware.

Ad-aware is ready to scan and clean your system following these steps:

 

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

"Unload recognized processes during scanning."

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

"Let Windows remove files in use after reboot."

Press "Scan Now"

Check option "Use Custom scanning options"

Check option "Activate In-Depth Scan"

Press "Select drives\folders to scan"

Select the active partition which is usually C:

Press "Next" to let Ad-aware scan your drives...

If it finds "bad" files and registry keys, press "Next" again

Right-click in that pane and choose "select all"

Press "next"

When it asks to remove all checked items, Press "OK"

Close Ad-aware, reboot your system and go on to the next step below.

 

Spybot S&D*

Download Spybot S&D here: http://www.computercops.biz/downloads-file-108.html

Install by double-clicking on the downloaded file.

Run Spybot S&D from desktop icon or Start menu.

Press "Search for updates" button to get list of updates available.

Press "Download updates" button.

Close all IE windows and close & restart Spybot S&D.

Press "Check for problems" button.

Have SpyBot remove all it marks in RED by pressing "Fix selected problems".

Close Spybot S&D, reboot your system.

 

Antivirus, online scan: Housecall: http://www.trendmicro.com/en/home/us/enterprise.htm

Or Panda: http://www.pandasoftware.com/activescan/co...n_principal.htm

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

 

Reboot.

Empty your Temporary Internet Files and history in Internet Options. And clean out your

%Userprofile%\Local Settings\Temp

 

OR use the Disk Cleanup Utility to empty all your Temp folders.

 

If your problems have cleared up, flush System Restore:

To flush the XP System Restore Points:

(Using XP, you must be logged in as Administrator to do this.)

 

Go to Start>Run and type msconfig Press enter.

When msconfig opens, click the Launch System Restore Button.

On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn Off System Restore.

 

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

Share this post


Link to post
Share on other sites

Thanks Bugbatter. I did all of the above (much of which I had already done but did again to be sure). I didn't really find much of anything. I didn't do the system restore though.

 

I did not find C:\WINDOWS\System32\wnsintsv.exe on my system. Was there something in my log that makes you think this is on my system or was it just to do as a procaution?

 

Here is my new log. Any thing else looking like scum in there? Or does it seem as though I am ok now?

 

Thanks for your help,

Karen

 

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 1:52:11 AM, on 7/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

 

http://www.online-sweepstakes.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

 

Microsoft Internet Explorer provided by Compaq

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

 

Settings,ProxyServer = localhost:8080

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

 

C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

 

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -

 

C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

 

C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus -

 

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton

 

AntiVirus\NavShExt.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -

 

C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} -

 

C:\PROGRA~1\PopUpCop\PopUpCop.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program

 

Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access

 

Button Support\StartEAK.exe

O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [CMPDPSRV]

 

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program

 

Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI

 

RoboForm\RoboTaskBarIcon.exe"

O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq

 

Advisor\bin\compaq-rba.exe -z

O4 - Startup: Shortcut to Proxomitron.lnk = C:\Program

 

Files\Proxomitron Naoko-4\Proxomitron.exe

O8 - Extra context menu item: Customize &Menu - file://C:\Program

 

Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel -

 

res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms &] - file://C:\Program

 

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Open Image in New Window -

 

res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew

O8 - Extra context menu item: Save Forms &[ - file://C:\Program

 

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Fill Forms (HKLM)

O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)

O9 - Extra button: Save (HKLM)

O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)

O9 - Extra button: RoboForm (HKLM)

O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)

O14 - IERESET.INF:

 

START_PAGE_URL=http://store.presario.net/scripts/redirectors/presari

 

o/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: DigiChat Applet -

 

http://albany.digi-net.com/DigiChat/DigiCl...s/Client_IE.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX

 

Control) -

 

http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor

 

Class) -

 

http://download.microsoft.com/download/0/5...-dd30-427d-a3de

 

-373c3e5552fc/msSecAdv.cab?1082342658437

O16 - DPF: {4A752EEF-26FA-4E8F-8FF0-4EB40FE1D33B} (ACNPlayer2 Class)

 

- http://209.67.146.68/HarrisFiles/ePlayer.cab

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -

 

http://otx.ifilm.com/OTXMedia/OTXMedia.dll

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

 

http://a1540.g.akamai.net/7/1540/52/200404...l.info.apple.co

 

m/saba/us/win/QuickTimeInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall

 

Control) -

 

http://a840.g.akamai.net/7/840/537/2004061...ll.trendmicro.c

 

om/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

 

Installer Class) -

 

http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

 

http://v4.windowsupdate.microsoft.com/CAB/.../iuctl.CAB?3818

 

6.0698611111

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) -

 

http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class)

 

- http://204.118.132.145/2_0/ACNePlayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

 

Object) -

 

http://fpdownload.macromedia.com/pub/shock...lash/swflash.ca

 

b

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) -

 

http://download.microsoft.com/download/7/E...-DFE4-4624-87C3

 

-163549BE2704/clearadj.cab

O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement

 

Service Client) - http://ccon.madonion.com/global/msc.cab

Edited by karener

Share this post


Link to post
Share on other sites

Your log looks clean (assuming that you want to keep online-sweepstakes as your startpage). If not, change it in IE Tools>Internet Options>General Tab

This showed as a running process in your first log:

O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe

but I do not see it in the last one, so one of the scans probably took care of it.

How is the computer running now?

Share this post


Link to post
Share on other sites

It is running ok. It's hard to tell I recently installed proxomitron and can't tell if it is that slowing down my dsl or possibly something else. I hate it. With how horrible this has been I have become totally paranoid. I was cautious before but I don't EVER want to have to go through this again.

 

If you have any other suggestions please let me know

 

Thanks for your help!

 

-Karen

Edited by karener

Share this post


Link to post
Share on other sites

Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0